enum EndpointAccessMode
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.APIGateway.EndpointAccessMode |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsapigateway#EndpointAccessMode |
 Java | software.amazon.awscdk.services.apigateway.EndpointAccessMode |
 Python | aws_cdk.aws_apigateway.EndpointAccessMode |
 TypeScript (source) | aws-cdk-lib » aws_apigateway » EndpointAccessMode |
The endpoint access mode for the domain name.
When using enhanced security policies (those starting with SecurityPolicy_),
you must set the endpoint access mode to either STRICT or BASIC.
Use STRICT for production workloads requiring the highest security.
Use BASIC for migration scenarios or certain application architectures.
Example
declare const acmCertificateForExampleCom: any;
// For regional or private APIs with enhanced security policy
new apigateway.DomainName(this, 'custom-domain-tls13', {
domainName: 'example.com',
certificate: acmCertificateForExampleCom,
securityPolicy: apigateway.SecurityPolicy.TLS13_1_3_2025_09, // TLS 1.3
endpointAccessMode: apigateway.EndpointAccessMode.STRICT, // Recommended for production
});
// For edge-optimized APIs with enhanced security policy
new apigateway.DomainName(this, 'custom-domain-edge-tls13', {
domainName: 'example.com',
certificate: acmCertificateForExampleCom,
endpointType: apigateway.EndpointType.EDGE,
securityPolicy: apigateway.SecurityPolicy.TLS13_2025_EDGE, // Enhanced security policy for edge
endpointAccessMode: apigateway.EndpointAccessMode.STRICT, // Recommended for production
});
Members
| Name | Description |
|---|---|
| STRICT | Strict mode - only accepts connections from clients using the specified security policy. |
| BASIC | Basic mode - one of the two valid endpoint access modes for enhanced security policies. |
STRICT
Strict mode - only accepts connections from clients using the specified security policy.
Recommended for production workloads.
BASIC
Basic mode - one of the two valid endpoint access modes for enhanced security policies.
Suitable for migration scenarios or certain application architectures. Note: legacy security policies (TLS_1_0, TLS_1_2) do not use this attribute.